问题
In a Swift 3.0 project I'm currently working, my customer has asked me to integrate with a custom Application created at their corporate Azure Active Directory.
I'm using the ADAL library by Microsoft (https://github.com/AzureAD/microsoft-authentication-library-for-objc) It even comes with a sample in Swift. If I use it out of the box, everything works fine. However when I configure it with my customer's data I allways obtain the following error
AADSTS90130: Application '[MyCustomersAppIdinAzureAD]' ([MyCustomersAppNameinAzureAD]) is not supported over the /common or /consumers endpoint. Please use the /organizations or tenant-specific endpoint.
I suppose I'm not configuring the example correctly. I've seen three constants taht need to be configured. Here are the values I'm using
let kClientId = "[MyCustomersAzureADAppId]"
let kCurrentUserIdentifier = "MSALCurrentUserIdentifier"
let kAuthority = "https://login.microsoftonline.com/[myCustomerAzureId]
The customer's app Id, I obtain from Azure Portal, as shown in this image
ApplicationId
I've left kCurrentUserIdentifier with its default value (MSALCurrentIdentifier) because I really don't know what to put in there.
On the other hand I suspect the key is the "kAuthority" field. For this I'm using the guid I obtain form my cusotmer's Azure Admin portal from the "Endpoints Section" as shown in this image
Azure Endpoints
I reckon this is the right way to use this library. However, I always get the same error. I suppose the library is using a url like this
https://login.microsoftonline.com/common/oauth2/authorize?
client_id=app_ud
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345
Instead of using this
https://login.microsoftonline.com/[mycustomersguid]/oauth2/authorize?
client_id=app_ud
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&resource=https%3A%2F%2Fservice.contoso.com%2F
&state=12345
However I cannot find the place at the example to fix this value.
回答1:
Finally I got it working
In the sample, the kAuthority constant was not used.
Passing it as a parameter in the Application Creation constructor did de magic.
return try MSALPublicClientApplication(clientId: kClientId, authority: kAuthority)
回答2:
//In ViewController.swift
let kClientID = "<applicationid>"
// These settings you don't need to edit unless you wish to attempt deeper scenarios with the app.
let kGraphURI = "https://graph.microsoft.com/v1.0/me/"
let kScopes: [String] = ["https://graph.microsoft.com/user.read"]
let kAuthority = "https://login.microsoftonline.com/<your-azzure-tenantid>/"
//In the info.plist
//it is weird but you need to simply add prefix msal with the tenantid
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleTypeRole</key>
<string>Editor</string>
<key>CFBundleURLName</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleURLSchemes</key>
<array>
<string>msal<your-azzure-tenantid></string>
<string>auth</string>
</array>
</dict>
</array>
来源:https://stackoverflow.com/questions/48597765/msal-objective-c-library-ios-sample-dont-know-how-to-configure-it